EPSS: 0.001 (Low), Percentile: 32.0%
kiwitcms is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because user-uploaded files are not properly validated in certain circumstances, which allows an attacker to inject and execute arbitrary JavaScript.
github.com/kiwitcms/kiwi/commit/afc320f97b13a4c16e904cef54890edcc53db802
github.com/kiwitcms/Kiwi/security/advisories/GHSA-x7c2-7wvg-jpx7
kiwitcms.org/blog/kiwi-tcms-team/2023/05/22/kiwi-tcms-123/